tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Luby <patrick.l...@sun.com>
Subject [PATCH] Fix for bug when running with -security option
Date Thu, 11 Oct 2001 20:13:15 GMT
All,

Attached are patches to the following 2 files. If they are OK, these 2
patches should be applied to both the HEAD and tomcat_40_branch branches:

jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/startup/Bootstrap.java
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/loader/WebappClassLoader.java

Basically, these patches fix a bug in
WebappClassLoader.getResourceAsStream() where, when Tomcat is run with the
-security option, a URL object is loaded into the resource cache using a
PrivilegedAction subclass and then the InputStream of that URL object is
opened without using a PrivilegedAction. This bug causes certain resource
files that are supposed to be accessible to a webapp to not be accessible.

Thanks to Remy for showing the patch needed to Bootstrap.java.

Patrick
Mime
View raw message